Overview
- Knowing your Data
- Protecting your Data
- Prevent Data Loss
- Govern Your Data
Target Audience
- Technical Business Decision Makers
- Office 365 IT Professionals
- Anyone who has a business interest in how to implement governance, security and compliance for their organisation in Office 365
Practical Labs
During the course, students will create their own Office 365 environment and work through labs that populate it with data, then implement the features learnt through the course (note: due to latency of Microsoft services, some labs can take several hours or more to complete). Labs are written so students can choose which labs they want to complete.
Prerequisites
An understanding of Office 365 core technologies and an interest in the business benefits of the Microsoft Office 365 platform from a governance, security and compliance perspective.
Instructors will demonstrate features throughout the event. Optional lab exercises are available for students to complete within a delegate-created free trial tenancy. Microsoft require a valid credit card to create 30-day free tenancies, which must be cancelled within 30 days to avoid incurring charges. QA have no control over the Microsoft 365 trial tenancy signup or billing process.
Course Outline
Module 1 – Introducing Compliance Standards and Microsoft Commitments
Introduction
Data Breaches
Data Breach Statistics
Common Compliance Standards
- General Data Protection Regulation (GDPR)
- Core Principles of GDPR
- ISO/IEC 27001:2013
- National Institute of Standards and Technology (NIST)
Microsoft’s Commitment to Compliance
- Contractual Commitments
- Microsoft Compliance Offerings
Microsoft Compliance Portals and Tools
- The Microsoft Trust Center
- The Microsoft Service Trust Portal
- Compliance Manager/Compliance Score
- Security and Compliance Admin Centers
- GDPR Activity Hub
Security and Compliance PowerShell
Microsoft 365 Admin Roles
Relationships between Azure AD Administrative Roles
Permissions in Compliance Centers and Microsoft 365 Defender Portal
Microsoft’s Compliance Model
Microsoft 365 GDPR action plan
Office 365 Overview
Office 365 is Evergreen
Office 365 Compliance and Security Licensing and Permissions
Security and Compliance Licensing
- Licensing Resources
Lab 1.1a Sign Up for a Microsoft or Office 365 trial and create Sample Users
Lab 1.1b Optional – Uploading Profile Pictures for Sample users
Lab 1.1 Optional – Using Google Chrome Profiles
Lab 1.1 Optional – Using Microsoft Edge Profiles
Lab 1.1 Optional – How to Get 360 days Office 365 for free
Module 2 Introducing Office 365 Search Concepts
Introduction
Microsoft Search
SharePoint Online Columns
SharePoint Online Search Schema
SharePoint Online Content Types
- SharePoint Online Columns vs Content Types
SharePoint Syntex
- Form Processing vs Content Understanding
- SharePoint Syntex Classifiers
- SharePoint Syntex Extractors
- Syntex and Retention Labels
- Syntex Form Processing Models
- SharePoint Syntex Model Analytics
Compliance Center Data Classification
- Trainable Classifiers
- Sensitive information types
- Named Entities
- Custom Sensitive Information Types
- Testing Sensitive Information Types
- Exact Data Match (EDM)
Lab 2.1 Content Types
Lab 2.2 SharePoint Online Syntex
Module 3 Office 365 Content Search and Privacy Management
Microsoft 365 Content Search
- Content Search Security
- Configure Security Filtering for Content Search
- Running a Content Search
- Search for Teams chat data for on-premises users
- Targeted Collection Search
- Condition Card Builder & KQL Editor
- Preview Sample Search Results
- Search Statistics
- Content Search PowerShell
- Export Content Search Results
- Unindexed Items in Content Searches
- Increase Download Speed When Exporting Content Search Results
- Differences Between Estimated and Actual eDiscovery Search Results
- De-duplication in eDiscovery Search Results
- Search for and Delete Email Messages in an Office 365 Organisation
- Use Content Search to Search the Mailbox and OneDrive for Business Site for a List of Users
- Clone a Content Search
User data search
Microsoft Privacy Management
- Privacy Management Delegation
- Privacy Management Settings
- Discovery and Visualization of personal data within an organization
- Privacy Management Policies
- Privacy Policies Alerts and issues
Subject Rights Requests
- Creating subject Rights Requests
- Reviewing Subject Rights Requests
- Automatic detection of Priority Items
- Data Collected Review
- Subject Rights Request Content Classification
- Completing Subject Rights Request Review and Reports
- Subject Rights Request Reports
- Subject Rights Requests – Other tasks
Lab 3.1 Office 365 Content Search
Module 4 Office 365 eDiscovery
Office 365 eDiscovery
Office 365 eDiscovery Tasks
Office 365 eDiscovery Cases
eDiscovery Security
eDiscovery Related Roles in the Compliance Center
Role Groups for eDiscovery
Compliance boundaries for eDiscovery investigations
Create eDiscovery cases
Add Users to an eDiscovery Case
Place Content on Hold
Content on hold preservation
Create and Run eDiscovery Searches
eDiscovery Exports
Closing and Deleting an eDiscovery Case
Lab 4.1 eDiscovery
Module 5 Office 365 Advanced eDiscovery
Office 365 Advanced eDiscovery
Advanced eDiscovery Requirements
Licensing – Key Points
Microsoft Advanced eDiscovery
Global analytics settings: attorney-client privilege
Creating an Advanced eDiscovery Case
Advanced eDiscovery Cases
- Identification – Data Custodians
- Advanced eDiscovery Holds
- Advanced eDiscovery Communications
- Required and Optional Notifications
- Advanced eDiscovery Collections
- Advanced eDiscovery Review Sets
- Review Set Collection Options
- Content Ingestion Scale
- Loading Non-Office 365 Source Data for Advanced eDiscovery
- Advanced eDiscovery Processing
- Processing Error Remediation
- Review Set Profile Views
- Working with Data in a Review Set
- Review Set Filters and Queries
- Conversational/Threaded views
- Review Sets – Tagging Content
- Advanced eDiscovery Search and Analytics
- Ignore Text and Optical Character Recognition
- Advanced eDiscovery Predictive Coding
- Exporting Case Data
Module 6 Office 365 Data Retention and Disposal
Office 365 Retention Options
- eDiscovery Holds
- Retention Policies
- Retention Labels
Creating Retention Policies
- Adaptive vs Static Retention Policies
- Adaptive Scopes
- Retention Policy Locations
- Teams Retention Policy considerations
- Retention Options
- Preservation Lock
Retention Labels
- Retention and Record Label Publishing
- Auto-applying a Retention Label
Alternative methods to auto apply retention labels
- SharePoint – Library or folder default label
- SharePoint – Syntex
- Outlook – Inbox Rules
Record Retention Labels
Retention Label Creation
Event Driven Retention
Disposition Reviews
- Disposition Review Process
- Disposition Review Considerations
Retention Label Review
Record Retention Label File Plan Descriptors
Locking and unlocking a record (Record Versioning)
Searching the audit log for record locking/unlocking events
Records vs Regulatory Records
Label Publishing and Label Policies
Retention Label policies and locations
Policy Lookup
Monitoring Retention Labels
Retention Policy and Label Auditing
Retention label PowerShell
Retention Precedence
Retention Policy and Retention Label Comparison
Microsoft Retention Flowchart
Inactive Mailboxes
- Recovering or Restoring Inactive Mailboxes
- Recovering and Restoring Inactive Mailbox Considerations
- Deleting an Inactive Mailbox
Exchange Online Archiving
- Unlimited Archiving
Legacy Retention Functionality
Disposing of data
Modifying Exchange Online Default retention period
SharePoint Online and OneDrive for Business Content Disposal
Microsoft Data Destruction
Lab 6.1 Office 365 Retention Policies
Lab 6.2 Office 365 Retention Labels
Lab 6.3 Exchange Online Archiving
Module 7 Office 365 Authentication
Office 365 Authentication
Authentication, Authorisation, and Access Control
Azure AD Password Protection
Security Defaults
Multi-Factor Authentication in Office 365
- Software Requirements for MFA in Office 365
- Set Up Multi-Factor Authentication in Office 365
- MFA with Conditional Access
- GPS Named Location MFA control
- Conditional Access Filters for devices
- Per User MFA
- MFA Settings
- Inform Users How to Sign In Using MFA in Office 365
- MFA Authentication App
- App Passwords (legacy)
- Resetting MFA User settings
Lab 7.1 Multifactor Authentication
Module 8 SharePoint Online Security
SharePoint Online Permissions
Classic vs Modern Site Permission Management
SharePoint Modern Team Sites
Access Requests
Member Sharing options
Permission levels
Bespoke Permission Levels
Granting Explicit Permissions
SharePoint Groups
SharePoint Group Best Practice
Recommended SharePoint Online Group Model
Special SharePoint Groups
Permission Inheritance
Breaking Inheritance
Granting Permissions
Checking Permission
“Sharing” SharePoint Items
Sharing a Site
Sharing a Document Library/List
Sharing a Folder or Items
Modern UI folder or item sharing
Modifying and Removing Permissions
SharePoint Online Permissions via PowerShell
SharePoint Online Permissions Best Practice
Lab 8.1 SharePoint Online Permissions
Conditional Access
Module 9 SharePoint External Sharing
SharePoint External Sharing
- Authenticated External User sharing
- Authenticated External User Link Management
- Anonymous Access Links
Modern Team Sites Guest Access
Office 365 Group external access administration
- Controlling Guest Access to Office 365 Groups
- Guest expiration settings
- Determining Guest Access for Office 365 Groups
- Blocking Guest access for a specific Office 365 Group
- Allow/Block 365 Group Access per domain
SharePoint Online External sharing administration
Tenant Level External Sharing Administration
- Azure B2B One Time Passcodes for Guest Users
- Pre-Creating Guest Users
Advanced settings for external sharing
- File and Folder Links
- Outlook External Sharing Link Features
- Show to owners the names of people who viewed their files
Site Collection External Sharing Options
PowerShell External Sharing
SharePoint Online External Sharing Alerts, Auditing and Reporting
Lab 9.1 SharePoint External Sharing
Module 10 Office 365 Groups and Teams Governance
Microsoft 365 Groups
Microsoft 365 Group building blocks
Guest access in Microsoft 365 Groups
- Controlling Microsoft 365 Group Guest access
- Microsoft 365 Groups PowerShell management
- Controlling Microsoft 365 Group Creation
- Obsolete Microsoft 365 Group expiration and removal
Microsoft 365 Group governance
Microsoft Teams Governance
- Understanding Roles and Permissions in Microsoft Teams
- Manage User Access to Microsoft Teams
- Manage Guest Access to Teams
- Manage Team Organisational Settings
Lab 10.1 Managing Microsoft 365 Groups and Teams
Module 11 Office 365 RBAC, PIM, PAM & Access Reviews
Office 365 RBAC
- Identifying Required Role Groups
- Administration of Administrative Role Groups
- Custom Role Groups
Azure AD Privileged Identity Management (PIM)
Azure AD Access Reviews
Office 365 Privileged access management
- Configure and enable Office 365 Privileged access management
- Requesting and approving access
Exchange Online Authorisation
Introducing Security in Exchange Online
Exchange Online Admin Role
Role Based Access Control (RBAC)
- RBAC Role Groups
- Creating Exchange Online Role Groups
- Roles
- Role Entries
- Management Role Scopes
- Creating Custom Scopes
Lab 10.1 Azure AD Privileged Identity Management
Lab 10.2 Exchange Online RBAC
Module 12 Multi-Geo
Office 365 Multi-Geo
Sample Multi-Geo Tenant Configuration
Implementing Multi-Geo
Office 365 Multi-Geo Features for SharePoint and OneDrive
Module 13 Office 365 Message Encryption
Office 365 Message Encryption (OME)
- OME Configuration
- OME Enhanced Recipient Experiences
- Flexible controls for attachment encryption for recipients
- Decrypting Attachments
- Read Only and Attachment Download Restrictions in Exchange Online
- Combining OME with blocked attachment download
- Branding OME Encrypted messages
- Branding/Advanced Configuration is not just for Branding
- OME Integration with Data Loss Prevention (DLP)
- OME Integration with Exchange Mail Flow Rules
- Encrypted Mail Revocation
Lab 13.1 Office 365 Message Encryption
Module 14 Sensitivity Labels
Office 365 Sensitivity Labels
Sensitivity Labels for Files and Emails
- Classification
- SharePoint Search using Sensitivity Labels
- Sensitivity Labels as a DLP condition
- Sensitivity Label Visual marking, watermarks, headers and footers
- Sensitivity Label Protection – Encryption both inside/outside the organisation
- Double Key Encryption
Sensitivity Label Client Support
- Client ‘Quirks’
- Applying File and Email Sensitivity labels
- Sensitivity Label Support for Office Online Files
Automatically Applying Sensitivity Labels
- Auto-labelling Policies
- Auto labelling properties within a label
- Auto-Labelling Policies
Alternative (cheaper) auto-labelling strategies
- Exchange Mail Flow Rules
- Exchange DLP Policies
- SharePoint Syntex sensitivity label assignment
- Microsoft Cloud App Security File Policy based Sensitivity Labels
Sensitivity Labels for Teams, 365 Groups and SharePoint Sites
- Authentication Contexts
- Applying a 365 Group or Site Sensitivity Label
Sensitivity Label priority and grouping
- 365 Group and Site vs File and email label ordering
- Sublabels
Editing or deleting a sensitivity label
Label Policies
Label Analytics
Data Classification – Activity Explorer
Lab 14.1 Office 365 Sensitivity Labels
Module 15 Microsoft Defender for Cloud Apps
Microsoft Defender for Cloud Apps Overview
Microsoft Defender for Cloud Apps vs Office 365 Cloud App Security
Microsoft Defender for Cloud Apps
Office 365 Defender for Cloud Apps
Defender for Cloud Apps Licensing Options
Office 365 Defender for Cloud Apps
Microsoft Defender for Cloud Apps
- Microsoft Defender for Cloud Apps Dashboard
- User anonymisation
- Cloud App Catalog
- App Sanctioning
- Defender for Cloud Apps Activity Log
- Defender for Cloud Apps Activity Privacy
- Files
- Files Management Reports
- Users and accounts
- User Governance Actions
- Security Configuration
- OAuth Apps
Compliance Center App Reports
Conditional Access App Control
- Deploy Conditional Access App Control
Defender for Cloud Apps Policy Templates
Policy Alerts
Scoping Defender for Cloud Apps
Generic SIEM integration
Azure Sentinel Integration
Use Power BI with Defender for Cloud Apps data in Azure Sentinel
Top tips for Using Defender for Cloud Apps
MCAS Ninja training
Lab 15.1 Defender for Cloud Apps
Module 16 Managing Insider Risks
Insider Risk Management
Insider Risk Management Requirements
Insider Risk Management Process
Insider Risk Recommended Actions (QuickStart)
Insider Risk Management Scenarios
Insider Risk Management Settings
- Privacy
- Policy Indicators
- Policy timeframes
- Intelligent detections
- Export alerts
- Priority user groups
- Priority Physical Assets
- Power Automate Flows
- Microsoft Teams Integration
- Analytics
- Admin Notifications
Insider Risk Management Administration
- Policies
- Policy Health and recommendations
- Insider risk management browser signal detection
- Alerts
- Cases
- Case Actions
- Resolving Cases
Insider Risk Admin Auditing
Communication Compliance
- Configure Policies
- Investigate
- Resolution
Information Barriers
- Information Barriers and Exchange ABPs
- Information barrier functionality
- Information barrier configuration
- Make sure prerequisites are met
- Segment users in the organisation
- Define information barrier policies
- Apply information barrier policies
Customer Lockbox
Module 17 Office 365 DLP
Office 365 Data Loss Prevention
Components of DLP Policies
Creating a Custom DLP Policy
- DLP Policy Locations
- Endpoint DLP
- Microsoft Compliance Extension for Google Chrome
- DLP Policy Settings
- DLP Conditions/Exceptions
- DLP Actions
- DLP User Notifications and User Overrides
- DLP Incident reports
DLP PowerShell
DLP Mark Files as Sensitive by Default
DLP Reports
DLP Activity Explorer
Lab 17.1 Data Loss Prevention
Module 18 Office 365 Encryption
Office 365 Encryption
Data in transit
Data at rest
Encryption in Office 365 Products
Customer Encryption Controls
Customer Lockbox
Microsoft 365 Information Protection
Module 19 Office 365 Auditing, Alerts, Reporting and Compliance Tools
Microsoft 365 Usage Analytics
- Dashboard Reports
- Enabling Microsoft 365 Usage Analytics
Office 365 Auditing
- Audit Log Permissions
- Running an Audit Log Search
- Viewing Audit Log Search Results
- Filtering Audit Log Search Results
- Exporting Audit Log Search Results
- Advanced Audit in Microsoft 365
- Audit log retention policies
Exchange Online Auditing
Office 365 Alerts
Compliance Reports
Office 365 Management API
Compliance Manager and Compliance Score
Compliance Manager Automated Testing
Configuration Analyzer for Microsoft Purview (CAMP)
Microsoft 365 Secure Score
Compliance/Secure Score “Old Skool”
Microsoft Service Trust Portal
Microsoft Trust Center
Microsoft Security Site
Lab 19.1 Office 365 Auditing
Lab 19.2 Alerts
Lab 19.3 Secure Score
Appendix
Microsoft Threat Intelligence
Microsoft Threat Intelligence Center (MSTIC)
Microsoft Security Roadmap
Microsoft Defender
Microsoft 365 Defender suite products
Microsoft 365 Defender cross-product features
Microsoft Defender Cross-product attack Simulation
Threat Management Administration
- Threat Dashboard
- Threat Explorer
- Campaign Views
- Threat Management Threat Tracker
- Threat Management Reviews
Office 365 Automated Investigation and Response (AIR)
- AIR Security Playbooks
- AIR Security Playbooks Roll Out
- Alert Policy Triggers
- AIR Requirements
- AIR Investigation Initiation
- Report Message Mailbox
- AIR alert email notifications
- Automated Investigations
- Investigation Graph
- Investigation Alert Tab
- Entities tab
- Similarity
- Indicators
- E-mail Investigation Flyout
- Investigation log tab
- Investigation (Recommended) actions tab
Threat Policies
Exchange Online Protection
- Overview of Exchange Online Protection (EOP)
- Exchange threat protection PowerShell
- Exchange Online Protection, Microsoft Defender for Office 365 plan 1 and plan 2
- Exchange Online anti-spam protection
- Connection filters
- Outbound spam policy
- Verify spam policies are configured and working properly
Control automatic external email forwarding
- Email forwarding rule alerts
- Exchange Online Auto Forwarded Message Reports
- Mail Forwarding Insights
Exchange Online Protection Spoof Intelligence
Enhanced email protection with DKIM and DMARC
- DomainKeys Identified Mail (DKIM)
- Domain-based Messaging and Reporting Compliance (DMARC)
Anti-phishing Policies
Office 365 antimalware protection
- Antimalware policies
Office 365 Secure by default
Advanced Delivery for Phishing Simulations and Security Operations Mailboxes
Preset Security Policies
Configuration analyzer
Defender for Office 365 Safe attachments and Safe links
- Defender for Office 365 Safe attachments
- Defender for Office 365 Safe attachments for SharePoint, OneDrive and Teams
- Quarantine in Defender for Office 365 for SharePoint Online, OneDrive for Business, and Microsoft Teams
- Defender for Office 365 Safe attachments reports and alerts
- Defender for Office 365 standalone
- Defender for Office 365 Safe Links
Defender for Office 365 reports
Microsoft Security Center Reports
Attack Simulation Training
Microsoft 365 Defender Advanced Hunting
Appendix Lab Defender for Office 365
Appendix Lab Office 365 AIR